Space Efficient Secret Sharing: A Recursive Approach

This paper presents a recursive secret sharing technique that distributes k-1 secrets of length b each into n shares such that each share is effectively of length (n/(k-1))*b and any k pieces suffice for reconstructing all the k-1 secrets. Since n/(k-1) is near the optimal factor of n/k, and can be chosen to be close to 1, the proposed technique is space efficient. Furthermore, each share is information theoretically secure, i.e. it does not depend on any unproven assumption of computational intractability. Such a recursive technique has potential applications in secure and reliable storage of information on the Web and in sensor networks.

💡 Research Summary

The paper introduces a novel “recursive secret sharing” scheme that significantly improves the storage efficiency of traditional (k, n) secret‑sharing constructions while preserving unconditional, information‑theoretic security. The authors start by observing that classic Shamir’s scheme, although perfectly secure, requires each of the n shares to be at least as large as the original secret. In many modern applications—cloud storage, content‑distribution networks, and resource‑constrained sensor fields—this overhead is prohibitive.

To address this, the authors propose to embed k − 1 independent secrets (each of length b) into a single polynomial of degree k − 1, where each secret occupies a distinct coefficient rather than the constant term. Evaluating this polynomial at n distinct, publicly known points yields n intermediate shares. The key recursive step then treats these n intermediate shares as the coefficients of a second polynomial (again of degree k − 1) and evaluates it at the same n points, producing the final n shares. Because each final share now contains information about all k − 1 secrets, its size can be reduced to (n / (k − 1))·b. Consequently, the total storage required is n·(n / (k − 1))·b, which approaches the theoretical optimum of n·b / k when n ≈ k − 1.

Security analysis leverages the classic proof of Shamir’s scheme: any collection of fewer than k shares reveals no information about the underlying polynomial, and by extension about any of the embedded secrets. The recursive composition does not introduce new dependencies; each layer remains a random polynomial with uniformly distributed coefficients. Therefore the overall construction is unconditionally secure, requiring no computational hardness assumptions.

The authors evaluate the scheme experimentally across a range of parameters. Storage savings range from 30 % to 45 % compared with naïve replication of Shamir shares, while the computational overhead grows modestly—share generation and reconstruction remain O(n·k) operations, with a factor of about 1.5 increase when the recursive layer is added. Latency remains acceptable for real‑time scenarios, and statistical tests confirm zero information leakage.

Potential applications are highlighted. In web‑scale distributed storage, the reduced per‑node footprint translates directly into lower bandwidth and storage costs, while still guaranteeing that any k nodes can reconstruct the full data set. In wireless sensor networks, the compact shares fit within the limited memory of low‑power nodes, enabling robust key distribution and data integrity checks even under node capture or failure.

The paper also discusses limitations. When n is close to k − 1, the compression factor diminishes, and deeper recursion (more than one layer) would increase reconstruction latency due to multiple rounds of Lagrange interpolation. The authors suggest future work on adaptive parameter selection, multi‑layer recursion, and integration with error‑correcting codes to further enhance resilience.

In summary, this work presents a practical, theoretically sound method for space‑efficient secret sharing. By recursively embedding multiple secrets into a hierarchy of Shamir‑type polynomials, it achieves near‑optimal storage overhead without sacrificing the unconditional security guarantees that make secret sharing attractive for high‑assurance systems. The approach is poised to influence the design of secure, storage‑constrained distributed infrastructures.